2012 Resolution – Avoid 7 New Website Legal Compliance Gotchas

Your personal New Year’s resolutions are important. You bet.

However, if you’re a SaaS or Internet marketer, your best-laid plans for 2012 may hit the skids if you fail to avoid new website legal compliance gotchas that emerged in 2011.

So, it’s highly recommended that you add to your personal resolutions the requirement to review the checklist of critical developments and related gotchas in these 2 categories: privacy and Internet marketing.


Privacy has led the way in new legal developments over the last few years, and 2011 was no exception. These are the new key developments and related gotchas to avoid.

* Readability of Privacy Policies. In its Preliminary Staff Report issued in December, 2010, the Federal Trade Commission (FTC) stated its criticism of “long, incomprehensible privacy policies that consumers typically do not read, let alone understand”. The FTC stated its policy that “although privacy policies may not be a good tool for communicating with most consumers, they still could play an important role in promoting transparency, accountability, and competition among companies on privacy issues – but only if the policies are clear, concise, and easy-to-read”. So, the gotcha to avoid is clear: review your Privacy Policy and replace the disclaimer boilerplate language with clear and easy-to-read text.

* Location Data Now Subject to Privacy Protections. In its Preliminary Staff Report, the FTC also added a new category of information that’s now subject to privacy regulation which includes location data. If your site collects location data via GPS (also referred to as “Covered Information”), avoid this gotcha by disclosing in your Privacy Policy how location data is collected, what’s actually collected, and how it’s used and shared.

* Behavioral Advertising. On March 14, 2011, the FTC announced a settlement regarding behavioral advertising, and along with it, the FTC’s policy requiring prior notice and an opt out mechanism for the collection of data online for behavioral advertising purposes. Behavioral ads are based on anonymous data collected on how a user’s computer browses the Internet, including websites visited, searches made, and content read. This data is used to create a behavioral profile that is linked to a specific demographic. If your site collects behavioral data or serves behavioral ads, avoid this gotcha by full disclosure in your Privacy Policy.

* Undisclosed Uses of Personal Information. On March 20, 2011, the FTC announced a new settlement regarding its established policy regarding undisclosed uses of personal information. This is the big gotcha to be avoided at all costs: collection, use, or sharing of personal or covered information in a manner that is materially different from, or contrary to, the stated purpose in your Privacy Policy. For example, if you collect personal or covered information for one online service, but use this information for a new online service without permission, you could be in big trouble with the FTC.

Internet Marketing

New Internet marketing regulations were numerous in 2011. This is a checklist of the new key developments and related gotchas to avoid.

* ROSCA’s Limitations on Data Pass Transactions. On December 29, 2010, President Obama signed the Restore Online Shoppers’ Confidence Act (ROSCA) that regulates credit and debit card data pass transactions. ROSCA prohibits cross-sell Internet marketing schemes where Merchant 1 makes an online sale to a consumer and then passes billing information (the “data pass”). ROSCA permits transfer of the consumer, but not the consumer’s billing information, and that’s the gotcha to avoid.

* ROSCA’s Limitations on Sites With Continuity Income. Websites with continuity income are now regulated. The typical continuity income site would be a membership site where a consumer agrees, for a price or for free, to receive a product or service for an initial period of time, after which the consumer will be charged without giving additional consent for another period of time. If your site is a continuity income site, avoid this gotcha by (i) clearly and conspicuously disclosing all material terms of the plan prior to obtaining billing information, (ii) obtaining express informed consent before charging the consumer’s account, and (iii) providing a simple mechanism for canceling the plan.

* Defamatory Blog Posts. Section 230 of the Communications Decency Act (CDA) shields operators of “interactive computer services” from liability for defamatory posts by visitors. However, if you make the defamatory statement in your blog yourself, you’re not protected by the CDA Section 230. A key development in 2011 involved a defamatory blog post in a blog that was a direct competitor of the defamed person, and the blog operator also re-posted the defamatory statements as a stand-alone post together with a new heading and some additional comments. Although the court found that CDA Section 230 still provided a shield from liability, this was a very close case with a strong dissent. So, the gotcha to avoid is to not repost or even enhance potentially defamatory posts by visitors.


Beginning in 2009, we’ve experienced a tsunami of new legal regulations affecting websites and Internet marketing. And the tsunami continued in 2011. The old “wild, wild west” days are over.

It’s critically important for SaaS providers and Internet marketers to stay on top of new developments and to avoid the related gotchas. The price for failure to comply in terms of liability exposure can be very high. While this checklist is not exhaustive, it’ll provide a good start as you plan ahead for 2012.

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.


About the author


Chip Cooper


1 Comment

  • Navigating the multiple levels of compliance from ISO to Federal Regulations is getting as hard to keep up with as algorithmic changes!

    But it is absolutely important to understand not only federal laws but to be aware of the specific rules that may apply to each of our clients’ vertical markets. We have clients that range from law firms which depending on the state have different bar association rules to healthcare and health insurance which has some state rules where we are in contact with the State Attorney’s office for each state to maintain compliance.

    So we just keep reading!
